CVE-2025-15575

· Published 12/02/2026 11:15 · Modified 12/02/2026 16:16

Labels: CVE-2025-15575, 2026-02-12, 551230f0-3615-47bd-b7cc-93e92e730bbf, CWE-494

Essential information

Published: 12/02/2026 11:15
Modified: 12/02/2026 16:16
Author:
Creator:
CVSS: 5.3 MEDIUM (v3.1)
CISA KEV: No
CWE: CWE-494
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks (e.g. digital signature checks) on the supplied firmware update files. Furthermore, ESP32 security features such as secure boot are not used.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf

Affected products (CPE)

Product: espressif / esp32
CPE: cpe:2.3:a:espressif:esp32:*:*:*:*:*:*:*:*
